1. #1

    BSOD on Windows Server 2008 R2 SP1

    We have a file server that has been running for several years under Hyper-V. It has the latest integration tools for Hyper-V. In the past month, it has blue screened three times; never had a blue screen previously.

    No recent changes to the machine, other than the usual Microsoft Security Patches (First BSOD happened on 8/9/2017; KB4025252 was installed on 7/30/2017.)

    I have two minidumps and two full memory.dmp files. I can send via PM the BSOD file created by the Sysnative file. After looking through the data it puts together, would rather not put on a public forum.

    Not sure if you guys work on servers, but hoping you can help. As this is virtual, most of the questions requested to be answered in the opening thread don't count. However, this machine was built with Server 2008 R2 SP1 and has never been "upgraded" from a previous OS. It is not from any kind of image but installed with original ISO from Microsoft.

    Let me know if any other question, appreciate it!


    • Ad Bot

      advertising
      Beep.

        
       

  2. #2
    Moderator
    BSOD Kernel Dump Analyst
    Windows Update Instructor
    softwaremaniac's Avatar
    Join Date
    Oct 2014
    Location
    Croatia
    Age
    23
    Posts
    13,362
    • specs System Specs
      • Motherboard:
        ASUS MAXIMUS ROG HERO X
      • CPU:
        Intel Core i7-8700K 3.7GHz
      • Memory:
        Crucial 2x8GB DDR4 2666 MHz
      • Graphics:
        Gigabyte GTX 1080 G1 Gaming 8 GB
      • Sound Card:
        Asus Xonar DSX
      • Hard Drives:
        WD Caviar Black 1TB SATA III 7200rpm, WD Caviar Black 6TB SATA III 7200rpm
      • Disk Drives:
        Samsung 960 Evo 256GB NVME PCIe
      • Power Supply:
        Corsair HX 750W 80+ Platinum
      • Case:
        Fractal Design Define R6
      • Cooling:
        Noctua NH-D14
      • Display:
        Philips Brilliance BDM4065UC 4K 3840x2160
      • Operating System:
        Windows 10 Pro 1803 x64

    Re: BSOD on Windows Server 2008 R2 SP1

    Send me the dumps to analyze and I'll see what I can make out of them :)

  3. #3
    jcgriff2's Avatar
    Join Date
    Feb 2012
    Location
    New Jersey Shore
    Posts
    16,591
    • specs System Specs
      • Manufacturer:
        HP
      • Model Number:
        HP ENVY TouchSmart 17-j130us Notebook - E8A04UA
      • Motherboard:
        HP Insyde 720265-501 6050A2549501-MB-A02
      • CPU:
        Intel Core i7-4700MQ Processor with Turbo Boost up to 3.4GHz.
      • Memory:
        12GB DDR3L SDRAM (2 DIMM)
      • Graphics:
        Intel HD graphics 4600 with up to 1792MB total graphics memory
      • Sound Card:
        Beats Audio quad speakers and two subwoofers
      • Hard Drives:
        1TB 5400RPM hard drive with HP ProtectSmart Hard Drive Protection
      • Disk Drives:
        Hitachi 500 GB SSD; 7 TB USB External
      • Power Supply:
        90w
      • Case:
        Laptop
      • Display:
        17.3-inch diagonal HD+ BrightView LED-backlit touchscreen display (1600 x 900)
      • Operating System:
        Windows 8.1

    Re: BSOD on Windows Server 2008 R2 SP1

    Hi. . .

    Servers aren't all that different from stand alone systems from the few that I've seen over the years.

    I do need the Sysnative app output zip file containing the dumps + system information - Blue Screen of Death (BSOD) Posting Instructions - Windows 10, 8.1, 8, 7 & Vista

    The full kernel dumps are not needed at this time, but may be later.

    Regards. . .

    jcgriff2

  4. #4
    Moderator
    BSOD Kernel Dump Analyst
    Windows Update Instructor
    softwaremaniac's Avatar
    Join Date
    Oct 2014
    Location
    Croatia
    Age
    23
    Posts
    13,362
    • specs System Specs
      • Motherboard:
        ASUS MAXIMUS ROG HERO X
      • CPU:
        Intel Core i7-8700K 3.7GHz
      • Memory:
        Crucial 2x8GB DDR4 2666 MHz
      • Graphics:
        Gigabyte GTX 1080 G1 Gaming 8 GB
      • Sound Card:
        Asus Xonar DSX
      • Hard Drives:
        WD Caviar Black 1TB SATA III 7200rpm, WD Caviar Black 6TB SATA III 7200rpm
      • Disk Drives:
        Samsung 960 Evo 256GB NVME PCIe
      • Power Supply:
        Corsair HX 750W 80+ Platinum
      • Case:
        Fractal Design Define R6
      • Cooling:
        Noctua NH-D14
      • Display:
        Philips Brilliance BDM4065UC 4K 3840x2160
      • Operating System:
        Windows 10 Pro 1803 x64

    Re: BSOD on Windows Server 2008 R2 SP1

    Could you check for driver updates for the driver in red?

    Also, if you can, please follow these instructions: Driver Verifier - BSOD related - Windows 10, 8.1, 8, 7 & Vista

    Make sure you create a restore point prior to running this and leave it running for at least 24h or until a new crash.

    Code:
    lsi_sas.sys Tue May 19 02:20:23 2009  (4A11FB47) 
    LSI SAS driver http://www.lsi.com/support/ 
    http://www.carrona.org/drivers/driver.php?id=lsi_sas.sys 
    
    intelppm.sys Tue Jul 14 01:19:25  2009 (4A5BC0FD) 
    Intel Processor driver  Drivers & Software also at 
    http://www.carrona.org/drivers/driver.php?id=intelppm.sys 
    
    intelide.sys Tue Jul 14 01:19:48  2009 (4A5BC114) 
    Intel IDE storage driver  Drivers & Software also at 
    http://www.carrona.org/drivers/driver.php?id=intelide.sys 
    
    NirSoftOpenedFilesDriver.sys Fri  Jan 8 22:23:21 2010 (4B47A249) 
    
    NirSoftOpenedFilesDriver.sys - this driver hasn't been  added to the DRT as of this run. Please search Google/Bing for the driver if  additional information is needed. 
    
    amdxata.sys Fri Mar 19 17:18:18  2010 (4BA3A3CA) 
    AMD storage controller driver - usually from the Windows 7  DVD Windows Update 
    http://www.carrona.org/drivers/driver.php?id=amdxata.sys 
    
    dfsrro.sys Tue May 21 05:03:34  2013 (519AE406) 
    
    dfsrro.sys - this driver hasn't been added to the DRT as of  this run. Please search Google/Bing for the driver if additional information is  needed. 
    
    stcvsm.sys Mon Jun 10 22:05:39 2013 (51B63193)  
    StorageCraft driver http://www.storagecraft.com/software_update.php 
    http://www.carrona.org/drivers/driver.php?id=stcvsm.sys 
    
    em015_64.dat Tue Feb 23 10:07:44  2016 (56CC2160) 
    ESET File Security Driver Download -  http://www.eset.com/us/products/file...rosoft-server/[br]Support -  http://support.eset.com/ 
    http://www.carrona.org/drivers/driver.php?id=em015_64.dat 
    
    sbmount.SYS Thu May 19 00:15:30  2016 (573CE982) 
    StorageCraft Driver  http://www.storagecraft.com/software_update.php 
    http://www.carrona.org/drivers/driver.php?id=sbmount.SYS 
    
    netvsc60.sys Wed Jun 22 21:59:36  2016 (576AEE28) 
    
    netvsc60.sys - this driver hasn't been added to the DRT as  of this run. Please search Google/Bing for the driver if additional information  is needed. 
    
    VMBusVideoM.sys Wed Jun 22 22:03:16 2016 (576AEF04)  
    
    VMBusVideoM.sys - this  driver hasn't been added to the DRT as of this run. Please search Google/Bing  for the driver if additional information is needed. 
    
    eamonm.sys  Tue Oct 4 13:03:09 2016 (57F38C6D) 
    ESET Amon driver Support:  http://kb.eset.com/[br]Downloads: http://www.eset.com/int/download/home/ 
    http://www.carrona.org/drivers/driver.php?id=eamonm.sys 
    
    ehdrv.sys Tue Oct 4 13:03:44 2016  (57F38C90) 
    ESET Support: http://kb.eset.com/[br]Downloads:  http://www.eset.com/int/download/home/ 
    http://www.carrona.org/drivers/driver.php?id=ehdrv.sys 
    
    PROCMON23.SYS Mon May 1 01:04:30  2017 (59066D7E) 
    
    PROCMON23.SYS - this driver hasn't been added to the DRT as  of this run. Please search Google/Bing for the driver if additional information  is needed. 
    
    em018_64.dat Mon Jun 26 19:48:26 2017 (595148EA)  
    ESET Smart Security Support: http://kb.eset.com/[br]Downloads:  http://www.eset.com/int/download/home/ 
    http://www.carrona.org/drivers/driver.php?id=em018_64.dat 
    
    em006_64.dat Thu Aug 10 16:15:48  2017 (598C6A94) 
    ESET Smart Security Support: http://kb.eset.com/ [br]  Downloads: http://www.eset.com/int/download/home/ 
    http://www.carrona.org/drivers/driver.php?id=em006_64.dat 
    
    
    Code:
    
    Debug session time: Mon Aug 21 15:43:40.443 2017 (UTC + 2:00)
    
    Loading Dump File [D:\SysnativeBSODApps\082117-39593-01.dmp]
    
    Built by: 7601.23864.amd64fre.win7sp1_ldr.170707-0600
    
    System Uptime: 1 days 8:54:33.200
    
    Probably caused by : ntkrnlmp.exe ( nt!KiSystemServiceExit+245 )
    
    BugCheck 1, {7772bdaa, 0, ffff, fffff880065efb60}
    
    BugCheck Info: APC_INDEX_MISMATCH (1)
    
    Bugcheck code 00000001
    
    Arguments: 
    
    Arg1: 000000007772bdaa, Address of system call function or worker routine
    
    Arg2: 0000000000000000, Thread->ApcStateIndex
    
    Arg3: 000000000000ffff, (Thread->SpecialApcDisable << 16) | Thread->KernelApcDisable
    
    Arg4: fffff880065efb60, Call type (0 - system call, 1 - worker routine)
    
    BUGCHECK_STR:  0x1
    
    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT_SERVER
    
    PROCESS_NAME:  OpenedFilesVie
    
    FAILURE_BUCKET_ID:  X64_0x1_SysCallNum_4_nt!KiSystemServiceExit+245
    
    MaxSpeed:     2200
    
    CurrentSpeed: 2194
    
    BiosVersion = 090006 
    
    BiosReleaseDate = 05/23/2012
    
    BaseBoardManufacturer = Microsoft Corporation
    
    BaseBoardProduct = Virtual Machine
    
    SystemManufacturer = Microsoft Corporation
    
    SystemProductName = Virtual Machine
    
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    
    Debug session time: Wed Aug  9 16:58:28.401 2017 (UTC + 2:00)
    
    Loading Dump File [D:\SysnativeBSODApps\080917-38296-01.dmp]
    
    Built by: 7601.23807.amd64fre.win7sp1_ldr.170512-0600
    
    System Uptime: 10 days 8:54:26.106
    
    Probably caused by : ntkrnlmp.exe ( nt!KiSystemServiceExit+245 )
    
    BugCheck 1, {7725bdaa, 0, ffff, fffff88007eb5b60}
    
    BugCheck Info: APC_INDEX_MISMATCH (1)
    
    Bugcheck code 00000001
    
    Arguments: 
    
    Arg1: 000000007725bdaa, Address of system call function or worker routine
    
    Arg2: 0000000000000000, Thread->ApcStateIndex
    
    Arg3: 000000000000ffff, (Thread->SpecialApcDisable << 16) | Thread->KernelApcDisable
    
    Arg4: fffff88007eb5b60, Call type (0 - system call, 1 - worker routine)
    
    BUGCHECK_STR:  0x1
    
    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT_SERVER
    
    PROCESS_NAME:  OpenedFilesVie
    
    FAILURE_BUCKET_ID:  X64_0x1_SysCallNum_4_nt!KiSystemServiceExit+245
    
    MaxSpeed:     2200
    
    CurrentSpeed: 2194
    
    BiosVersion = 090006 
    
    BiosReleaseDate = 05/23/2012
    
    BaseBoardManufacturer = Microsoft Corporation
    
    BaseBoardProduct = Virtual Machine
    
    SystemManufacturer = Microsoft Corporation
    
    SystemProductName = Virtual Machine
    
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    
    
    
    
    
    --- E O J --- 2017 Aug 22 19:41:21 PM _88-dbug  Copyright 2017 Sysnative Forums 
    --- E O J --- 2017 Aug 22 19:41:21 PM  _88-dbug Copyright 2017 Sysnative Forums 
    --- E O J --- 2017 Aug 22 19:41:21  PM _88-dbug Copyright 2017 Sysnative Forums
    jcgriff2 and PatD say thanks for this.

  5. #5
    jcgriff2's Avatar
    Join Date
    Feb 2012
    Location
    New Jersey Shore
    Posts
    16,591
    • specs System Specs
      • Manufacturer:
        HP
      • Model Number:
        HP ENVY TouchSmart 17-j130us Notebook - E8A04UA
      • Motherboard:
        HP Insyde 720265-501 6050A2549501-MB-A02
      • CPU:
        Intel Core i7-4700MQ Processor with Turbo Boost up to 3.4GHz.
      • Memory:
        12GB DDR3L SDRAM (2 DIMM)
      • Graphics:
        Intel HD graphics 4600 with up to 1792MB total graphics memory
      • Sound Card:
        Beats Audio quad speakers and two subwoofers
      • Hard Drives:
        1TB 5400RPM hard drive with HP ProtectSmart Hard Drive Protection
      • Disk Drives:
        Hitachi 500 GB SSD; 7 TB USB External
      • Power Supply:
        90w
      • Case:
        Laptop
      • Display:
        17.3-inch diagonal HD+ BrightView LED-backlit touchscreen display (1600 x 900)
      • Operating System:
        Windows 8.1

    Re: BSOD on Windows Server 2008 R2 SP1

    The bugchecks on both dumps were the same - 0x1 - APC mismatch. This is a very uncommon, very rare bugcheck and basically means that there is a mismatch within the kernel. The dumps therefore list the kernel as the probable cause. But that really is a default of sorts.

    In the unloaded module section of the dumps, part of a Nirsoft app appears at least 20x -
    Code:
    Unloaded modules:
    fffff880`06c46000 fffff880`06c4d000   NirSoftOpene
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  00007000
    fffff880`06c3f000 fffff880`06c46000   NirSoftOpene
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  00007000
    Any idea what app that is?

    What I mean by unloaded module is that this app is constantly put into memory (RAM - not pagefile), then is taken out again to make room for another module - then is put back into RAM and on it goes..... It is very suspicious to see it 20+ times.

    If you absolutely don't need it, I would remove the app for now until the BSOD epidemic is over.

    It is essential to now run Driver Verifier.

    Regards. . .

    jcgriff2
    PatD says thanks for this.

  6. #6
    Moderator
    BSOD Kernel Dump Analyst
    Windows Update Instructor
    softwaremaniac's Avatar
    Join Date
    Oct 2014
    Location
    Croatia
    Age
    23
    Posts
    13,362
    • specs System Specs
      • Motherboard:
        ASUS MAXIMUS ROG HERO X
      • CPU:
        Intel Core i7-8700K 3.7GHz
      • Memory:
        Crucial 2x8GB DDR4 2666 MHz
      • Graphics:
        Gigabyte GTX 1080 G1 Gaming 8 GB
      • Sound Card:
        Asus Xonar DSX
      • Hard Drives:
        WD Caviar Black 1TB SATA III 7200rpm, WD Caviar Black 6TB SATA III 7200rpm
      • Disk Drives:
        Samsung 960 Evo 256GB NVME PCIe
      • Power Supply:
        Corsair HX 750W 80+ Platinum
      • Case:
        Fractal Design Define R6
      • Cooling:
        Noctua NH-D14
      • Display:
        Philips Brilliance BDM4065UC 4K 3840x2160
      • Operating System:
        Windows 10 Pro 1803 x64

    Re: BSOD on Windows Server 2008 R2 SP1

    It's probably NirSoft's OpenedFilesView.
    PatD says thanks for this.

  7. #7

    Re: BSOD on Windows Server 2008 R2 SP1

    The LSI drive is odd to me. Looking through some other drivers in the report, I'm wondering if the information I have that this was built from an ISO is really correct. It almost feels like a P2V machine as I look deeper. I'll check out this driver.

    However, the NirSoft is most likely the problem, I agree. This was put in to place a few days before the BSOD started as a vendor is trying to find an issue with some open files that users are complaining about, and we have a batch file running it throughout the day. I'm going to kill this for now and monitor.

    Thanks for your help gang. I'm hoping this is resolved, but will report back if not.
    jcgriff2 and softwaremaniac say thanks for this.

  8. #8
    x BlueRobot's Avatar
    Join Date
    May 2013
    Location
    Minkowski Space
    Posts
    1,878

    Re: BSOD on Windows Server 2008 R2 SP1

    Quote Originally Posted by softwaremaniac View Post
    It's probably NirSoft's OpenedFilesView.
    It appears to be that way, the dump file has OpenedFilesVie in the image name:

    Code:
    0: kd> !process
    GetPointerFromAddress: unable to read from fffff80001cc1000
    PROCESS fffffa800d90c270
        SessionId: none  Cid: 15a8    Peb: 7fffffde000  ParentCid: 14ac
        DirBase: 160ec8000  ObjectTable: fffff8a0018aa840  HandleCount: <Data Not Accessible>
        Image: OpenedFilesVie
        VadRoot fffffa800d002260 Vads 44 Clone 0 Private 745. Modified 4. Locked 0.
        DeviceMap fffff8a0019f0a60
        Token                             fffff8a040e647c0
        ReadMemory error: Cannot get nt!KeMaximumIncrement value.
    fffff78000000000: Unable to get shared data
        ElapsedTime                       00:00:00.000
        UserTime                          00:00:00.000
        KernelTime                        00:00:00.000
        QuotaPoolUsage[PagedPool]         70040
        QuotaPoolUsage[NonPagedPool]      5288
        Working Set Sizes (now,min,max)  (1409, 50, 345) (5636KB, 200KB, 1380KB)
        PeakWorkingSetSize                1409
        VirtualSize                       36 Mb
        PeakVirtualSize                   36 Mb
        PageFaultCount                    1499
        MemoryPriority                    BACKGROUND
        BasePriority                      6
        CommitCharge                      852
    
            THREAD fffffa800e8c62a0  Cid 15a8.13a4  Teb: 000007fffffdc000 Win32Thread: fffff900c239d5e0 RUNNING on processor 0
            *** Error in reading nt!_ETHREAD @ fffffa8006e79060
    As others have suggested, if the issue still occurs, then it would be best to run Driver Verifier with the Critical Region logging option set.
    jcgriff2 says thanks for this.
    Machines Can Think

    We don't make mistakes; we just have happy accidents.

  9. #9
    x BlueRobot's Avatar
    Join Date
    May 2013
    Location
    Minkowski Space
    Posts
    1,878

    Re: BSOD on Windows Server 2008 R2 SP1

    In case anyone is wondering how to obtain the parameter values, these are all found within the _KTHREAD structure:

    Code:
    0: kd> dt nt!_KTHREAD -y SpecialApcDisable
       +0x1c6 SpecialApcDisable : Int2B
    Code:
    0: kd> dt nt!_KTHREAD -y KernelApcDisable
       +0x1c4 KernelApcDisable : Int2B
    Code:
    0: kd> dt nt!_KTHREAD CombinedApcDisable
       +0x1c4 CombinedApcDisable : Uint4B
    APCs are used for I/O operations and setting the thread context, which is evident from the crash dump, when the process receives a request from user-mode.

    Code:
    0: kd> knL
     # Child-SP          RetAddr           Call Site
    00 fffff880`065ef928 fffff800`01a83f29 nt!KeBugCheckEx
    01 fffff880`065ef930 fffff800`01a83e60 nt!KiBugCheckDispatch+0x69
    02 fffff880`065efa70 00000000`7772bdaa nt!KiSystemServiceExit+0x245
    03 00000000`0012d7c8 00000000`00000000 0x7772bdaa
    jcgriff2 and axe0 say thanks for this.
    Machines Can Think

    We don't make mistakes; we just have happy accidents.

Similar Threads

  1. Replies: 32
    Last Post: 05-25-2016, 01:39 PM
  2. Overnight BSOD - Server 2008 R2
    By NeilC in forum BSOD, Crashes, Kernel Debugging
    Replies: 4
    Last Post: 02-15-2016, 05:22 PM
  3. Mutiple Virtual Server 2008's with BSOD's - Windows Server 2008 x64
    By athlete4life in forum BSOD, Crashes, Kernel Debugging
    Replies: 9
    Last Post: 09-15-2015, 09:10 AM
  4. Server 2008 RS BSOD
    By strensnik2 in forum BSOD, Crashes, Kernel Debugging
    Replies: 1
    Last Post: 03-06-2013, 03:09 PM
  5. Windows Server 2008 R2 STD BSOD crash reason
    By suvaldykit in forum BSOD, Crashes, Kernel Debugging
    Replies: 22
    Last Post: 11-06-2012, 11:51 AM

Log in

Log in